self restoring virus



#1 starace

Posted 24 September 2010 - 10:32 AM

I have come across customers with viruses that automatically run system restore when the computer is restarted. Security Tool is one of them. I don't remember if the other one is the same.

I removed the virus as per instructions here at bleepingcomputer.com. I ran the Rkill and Malwarebytes in safe mode. I restarted the computer a few times. No problem. The next day the customer calls and everything I did was undone. The computer was restored back to the time before I removed the virus. Both customers had the same issue.

I guess turning off system restore is the only answer before trying the removal process, provided that you can get to the system restore program.

Anyone else see this?

Edited by Orange Blossom, 24 September 2010 - 12:53 PM.
Moved to AV forum from breaking news. ~ OB


#2 Layback Bear

Posted 24 September 2010 - 10:51 AM

:thumbsup: to Bleeping Computer. Just an idea. Remove all restore points on the infected computer and then run your updated security scans and clean the computer. When the infected computer is clean, make a new restore point. Then check Windows updates often, because when it installs an update it makes another restore point again. At this time I use Secunia PSI. A nice program that checks the programs on that computer for updates. As we know, programs like Adobe have many security updates that are very hard to keep track of.

#3 ScottD

Posted 14 October 2010 - 06:09 PM

I realize this issue occurring with TWO customers is a bit conspicuous - I would be tempted to conclude the customer rolled back the system on their own had it only occurred on a single computer. On my cleaning 'check list' I always toggle System Restore in XP to remove previous restore points, then create a new 'Clean' restore point for the customer.

You might also add TDSSKiller from Kaspersky to remove any rootkit infections that may have gone unnoticed by your regular routine.

Cheers,

- Scott